[PATCH RFC] overlayfs, xattr: allow unprivileged users to whiteout

Andy Whitcroft apw at canonical.com
Fri Feb 28 14:55:14 UTC 2014


On Fri, Feb 28, 2014 at 03:15:14PM +0100, Miklos Szeredi wrote:
> On Tue, Feb 25, 2014 at 6:31 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> > To mark a file which exists in the lower layer as deleted,
> > it creates a symbolic link to a file called "(overlay-whiteout)"
> > in the writeable mount, and sets a "trusted.overlay" xattr
> > on that link.
> >
> > 1. When the create the symbolic link as container root, not
> > as the global root
> >
> > 2. Allow root in a container to edit "trusted.overlay*"
> > xattrs.  Generally only global root is allowed to edit
> > "trusted.*"
> 
> Shouldn't overlayfs just skip the permission checks and call
> __vfs_setxattr_noperm() instead?

It does seem we should be avoiding the permissions here, as we have let
the thing be mounted we have done the permissions checks for that and for
the file access itself already.  This operation is something we definitely
want to represent in the filesystem.

-apw
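
As an added example (not part of the original message or the patch under discussion): a Python audit helper that walks an overlayfs upper directory for the whiteout markers described in the quoted text, that is, symlinks whose target is "(overlay-whiteout)", and reports each link's owner UID and any visible trusted.overlay* xattr names. The function names and the sample directory are constructed for illustration.

```python
import os
import stat
import tempfile

WHITEOUT_TARGET = "(overlay-whiteout)"   # symlink target named in the thread
XATTR_PREFIX = "trusted.overlay"         # xattr prefix named in the thread


def overlay_xattrs(path):
    # trusted.* names are only listed for privileged callers, so an empty list
    # from an unprivileged run does not prove the xattr is absent.
    try:
        names = os.listxattr(path, follow_symlinks=False)
    except (OSError, AttributeError):
        return None  # xattrs unsupported or unreadable here
    return sorted(n for n in names if n.startswith(XATTR_PREFIX))


def find_whiteout_candidates(upper_dir):
    """Walk an upper (writable) layer and report symlinks shaped like whiteouts."""
    findings = []
    for root, dirs, files in os.walk(upper_dir):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # inspect the link itself, never its target
            if not (stat.S_ISLNK(st.st_mode) and os.readlink(path) == WHITEOUT_TARGET):
                continue
            findings.append({"path": os.path.relpath(path, upper_dir),
                             "owner_uid": st.st_uid,
                             "overlay_xattrs": overlay_xattrs(path)})
    return sorted(findings, key=lambda f: f["path"])


def build_sample_upper():
    """Constructed sample upper layer: one whiteout-shaped link, two decoys."""
    upper = tempfile.mkdtemp(prefix="upper-")
    os.mkdir(os.path.join(upper, "etc"))
    os.symlink(WHITEOUT_TARGET, os.path.join(upper, "etc", "deleted.conf"))
    os.symlink("/etc/hostname", os.path.join(upper, "etc", "ordinary-link"))
    with open(os.path.join(upper, "kept.txt"), "w") as fh:
        fh.write("regular file\n")
    return upper


if __name__ == "__main__":
    for finding in find_whiteout_candidates(build_sample_upper()):
        print(finding)
```

Run as root against a real upper directory to see the trusted.overlay* names; the owner UID column shows which whiteouts were created by a non-zero (for example, container-mapped) UID.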